CircleID

Last month I published an article called "What's Driving Spam and Domain Fraud? Illicit Drug Traffic” which explained how the many of the troublesome online crime issues are related to the online sale of narcotics and dodgy pharmaceuticals. Since this article was published we have witnessed one of the largest international law enforcement efforts against online drug traffic (Operation Pangea II) which included domain terminations requests to many Registrars, most of whom complied immediately without any court orders. Pharmacists and traffickers were also targeted with great success.

The Internet is a tool for criminals and part of a large functional structure for moving cash and illegal products. Most critical in the architecture of the global drug trade is the need for core domains to accept orders, process transactions, and operate as name servers to an illicit network. Clearly, the Registrars cannot be expected to monitor the content of all their domains (nor should they anyway), literally millions of domains sometimes. This is why Registrars need to work with the concerned public and the dutiful abuse handling community. However, when Registrars reject this assistance they show their hand and display their tacit, or possibly active, support for this illicit traffic. However, Registrars will cite the possibility of lawsuits as their reluctance to terminate domain names and many Registrars have been criticized for wrongfully terminating domains.

So what will save the Registrars from criminal infestation, law enforcement looking into their business, spam complaints, ICANN notices and law suits? Good policy. And the best policy is one implemented voluntarily and with clarity. No policy is bad policy, and no policy is what Registrars have been operating under for quite some time. The result is rampant online drug traffic that already lead to some Registrars downfall.

As a bright and shining example, GoDaddy recently updated its Terms of Use (TOS) to include the following language:

"Go Daddy may also cancel Your use of the Services...if You are using the Services [for]...activities associated with the sale or distribution of prescription medication without a valid prescription." source

This is one of the smartest moves I have seen from a Registrar in terms of cybercrime and they should be lauded for it. Every Registrar should make this language part of their TOS as a way of curbing fraud, spam, and intellectual property infringements within their space while at the same time indemnifying themselves. This action by Godaddy is a natural evolution from last year's joint declaration by Directi, HostExploit and KnujOn to stop the fake pharmacy menace. As we move from problem identification, problem definition, policy development to policy testing and policy enforcement process development we're heading the right direction. Other Registrars that hold a significant portion of the illicit pharmacy problem have clear choice: join in with the positive policy shift of risk investigations later.

Good, sound policy will provide the Registrars and their critics with a way to address this problem. Criminals need access to domain names as a resource and the Registrars are in a position to deny that access in a way that does not infringe on free speech or the flow of normal legal commerce.

By Garth Bruen, Internet Fraud Analyst and Policy Developer. Visit the blog maintained by Garth Bruen here.

Related topics: Cybercrime, Domain Names, Domain Registries, ICANN, Internet Governance, Law, Malware, Policy & Regulation, Security, Spam